News linked to this event type.
according to Onchain Lens monitoring, a Balancer attacker has exchanged 21,000 ETH for 617.43 BTC over the past three days, worth $48.72 million. The attacker currently still holds 1,000 ETH, worth $2.32 million, and may conduct further sell-offs.
Litecoin disclosed on X platform that a recent zero-day vulnerability once led to a DoS attack, affecting the operation of major mining pools. Mining nodes that were not updated in time allowed an invalid MWEB (MimbleWimble Extension Block) transaction to be executed, enabling the relevant tokens to be withdrawn to a third-party DEX. The Litecoin network rolled back these invalid transactions through a 13-block reorganization (reorg), confirming they would not be included in the main chain. All valid transactions during this period were unaffected. The vulnerability has now been completely fixed, and the network has resumed normal operation.
According to SolanaFloor, Minhdonz, Product Lead of Drift, announced on the project’s official Discord that Drift has recently updated its relaunch timeline and plans to reintroduce its forked exchange in May or June this year. Previously, Drift suffered a severe hack involving approximately $285 million—reportedly linked to a social engineering attack by a North Korean hacker group.
the lending protocol Purrlend was attacked on the MegaETH and HyperEVM networks, resulting in losses of approximately $1.52 million. The attacker extracted approximately $1.2 million in assets from the HyperEVM network, including 449,683 USDC, 214,125 USDT0, 194,745 USDH, and portions of UBTC, wstHYPE, UETH, kHYPE, and WHYPE. The attacker also extracted approximately $324,000 in assets from the MegaETH network, including USDT0, WETH, and USDm. Purrlend has since paused the protocol and launched an investigation. The attacker's address has been identified on the block explorers of both networks.
According to CoinDesk, while quantum computers cannot break Bitcoin’s mining mechanism or blockchain ledger, they could potentially crack the elliptic curve cryptography (ECC) that secures wallet ownership—using Shor’s algorithm. Currently, approximately 6.9 million BTC—roughly one-third of the total supply—are at potential risk because their public keys are already visible on-chain; this includes Satoshi Nakamoto’s estimated early holdings of about 1 million BTC. Transactions generated after Ethereum’s 2021 Taproot upgrade are similarly exposed due to public key disclosure. Ethereum has maintained an official post-quantum migration plan since 2018, with four full-time teams and over ten independent development groups, and operates a dedicated progress website at pq.ethereum.org. In contrast, Bitcoin currently lacks a unified roadmap for quantum resistance: existing proposals such as BIP-360 and BitMEX Research’s detection framework have not gained broad support among core developers. Prominent Bitcoin advocate Nic Carter has bluntly labeled Bitcoin’s quantum response “the worst,” while Blockstream CEO Adam Back acknowledges that current quantum systems remain confined to laboratory settings—but still endorses deploying optional upgrade paths in advance. Analysts note that Bitcoin’s decentralized governance culture makes coordinating large-scale security upgrades extremely difficult, and resolving historical issues—such as how to handle Satoshi’s holdings—presents a particularly thorny dilemma. A related Google paper warns that once quantum attacks become feasible, the window for effective response may already have closed.
According to Odaily, independent researcher Giancarlo Lelli was awarded the Q-Day Prize and 1 Bitcoin by quantum security startup Project Eleven for successfully cracking the encryption keys protecting Bitcoin. Giancarlo Lelli utilized publicly available quantum hardware and a variant of Shor's algorithm to crack a 15-bit encryption key among 32,767 possibilities. The difficulty of this quantum attack is 512 times greater than the 6-bit key record set in September 2025. Project Eleven CEO Alex Pruden stated that the resource requirements for such attacks continue to decline, with approximately 6.9 million Bitcoins currently held in vulnerable static addresses, including 1 million Bitcoins owned by Satoshi Nakamoto. The Bitcoin network has proposed BIP-360 to introduce quantum-resistant address types, while platforms such as Ethereum, Ripple, and Tron have also begun releasing plans for transitioning to post-quantum defenses.
according to on-chain analyst Ai Yi's monitoring, an address linked to the Balancer attacker has transferred 5,609 ETH, worth $13 million, to THORChain over the past 9 hours. In November 2025, Balancer was hacked for over $116 million, a incident with the same suspected culprit as the Aave attack, both pointing to the North Korean hacker group Lazarus Group. Both entities have recently been frequently using Tornado Cash for money laundering.
According to Arkham (@arkham), Avi Eisenberg—a crypto hacker who exploited Mango Finance in 2022 to arbitrage $110 million—recently signed a new on-chain transaction. Eisenberg had previously been arrested and imprisoned for market manipulation, and his post-release on-chain activity has sparked heated discussion within the community.
According to the U.S. Department of Justice, Evan Tangeman, a 22-year-old man from Newport Beach, California, was sentenced on April 24 to 70 months in federal prison followed by three years of supervised release by the U.S. District Court for the District of Columbia. Tangeman participated in an interstate social engineering crime ring that laundered at least $3.5 million. The criminal group operated since October 2023, stealing over $263 million in cryptocurrency through hacking and social engineering tactics. Its members were predominantly minors or unemployed youths under age 20, and the group originated on online gaming platforms. Tangeman was responsible for converting stolen cryptocurrency into fiat currency and leasing luxury mansions for group members in cities including Los Angeles and Miami; he personally received high-end vehicles—including a Bentley and a Lamborghini—as compensation. After the scheme unraveled, Tangeman instructed his co-conspirators to destroy digital devices to obstruct the investigation. The case was jointly investigated by the FBI’s Washington, Los Angeles, and Miami field offices, along with the IRS Criminal Investigation Division. To date, nine defendants have pleaded guilty.
According to on-chain analyst Yujin (@EmberCN), the hacker who stole approximately $98 million worth of assets from Balancer last November has been continuously swapping ETH for BTC via THORChain. To date, the hacker has swapped a total of 14,300 ETH for 419.3 BTC (approximately $32.51 million). The hacker currently holds 7,700 ETH on the Ethereum chain and 419.3 BTC on the Bitcoin chain, with a combined value of approximately $50.4 million. Since the price of ETH has fallen significantly from around $3,600 at the time of the theft, the value of the hacker’s holdings has shrunk by nearly half—from the original $98 million.
According to Onchain Lens monitoring, the Balancer attacker (0xa6d6...BDaA) exchanged 13,191 ETH for 386.52 BTC, worth $30.54 million, over the past 15 hours. The attacker currently still holds 8,000 ETH, valued at $18.52 million.
According to an official announcement, OpenAI has launched a biotechnology security vulnerability bounty program for GPT-5.5 and is now accepting applications. This program aims to strengthen the safety of its advanced AI capabilities in the biotechnology domain by inviting researchers with experience in AI red-teaming, security, or biosecurity to attempt identifying general jailbreak methods that can bypass its five biotechnology safety challenges.
According to on-chain analyst Yujin (@EmberCN), the hacker who stole approximately $98 million in assets from Balancer last November is today exchanging ETH for BTC via THORChain. So far, 7,000 ETH have been swapped for 204.7 BTC—valued at roughly $15.88 million—and the process continues. Additionally, it has been disclosed that this address currently holds 15,000 ETH on Ethereum, valued at approximately $34.65 million, and 204.7 BTC on Bitcoin.
According to a research report released by cybersecurity firm Expel, the company is tracking an advanced persistent threat (APT) group dubbed “HexagonalRodent,” which is highly assessed to be a North Korean (DPRK) state-sponsored actor. This group primarily targets Web3 developers and specializes in stealing high-value digital assets—including cryptocurrencies and NFTs. In the first quarter of 2026 alone, the group compromised 2,726 developer devices and stole access credentials for 26,584 cryptocurrency wallets, with the total value of stolen assets reaching as high as $12 million. The group primarily carries out its attacks via fake job postings—publishing lucrative positions on LinkedIn and Web3 recruitment platforms to lure job seekers into completing “skills assessments” embedded with malicious code. These assessments exploit VSCode’s tasks.json functionality to automatically execute malware when victims open the project folder. The malware used includes BeaverTail, OtterCookie, and InvisibleFerret, all of which possess capabilities such as password theft, remote control, and reverse shell execution. Notably, the group extensively leverages generative AI tools—including ChatGPT and Cursor—to develop malware, build counterfeit corporate websites, and generate AI-forged executive teams. It even registered a shell company in Mexico to enhance the credibility of its operations. Additionally, the group recently carried out its first-ever supply-chain attack, successfully infiltrating a VSCode extension.
Kelp DAO released a community update on X, noting that the recent rsETH security incident has remained tense over the past several days. However, with support from partners and the broader community, discussions are progressing in a positive direction, and efforts to identify an appropriate resolution are being accelerated. The guiding principles have already been reflected in initial actions, and subsequent updates will continue along this path, aiming for a win-win outcome for all stakeholders. Over the past four days, the Kelp team has engaged in in-depth communication with partners and other relevant parties. Specific progress includes: the Arbitrum Security Council has taken measures to freeze the stolen funds, and the SEAL 911 emergency response team has swiftly stepped in to conduct preliminary investigations, providing a clear and objective analytical perspective on the incident. While some developments have not yet been fully disclosed, related work continues to advance steadily. Kelp DAO stated that its current priority is safeguarding user assets and strengthening the protocol itself. This incident is also viewed as a critical test—not only for the project but for the broader DeFi ecosystem—and key follow-up developments will continue to be shared via official channels.
According to on-chain analyst Ai Aunt (@ai_9684xtpa), the address 0xb5E…Fc24e deposited a total of 1.397 million UNI tokens—worth approximately $4.6 million—into three exchanges two hours ago. Notably, the Bybit deposit address has had multiple interactions with the DeFi crypto fund DeFiance Capital, which is an investor in both Aave and LayerZero—two entities closely linked to the recent Kelp DAO hack incident.
SlowMist CISO 23pds (@im23pds) disclosed that the Bitwarden CLI version 2026.4.0 was subjected to a Checkmarx supply-chain attack between 17:57 and 19:30 ET on April 22. During this window, attackers abused a GitHub Action within Bitwarden’s CI/CD pipeline to briefly distribute a malicious package via npm. The official statement confirmed that Vault data was not compromised and production systems remained unaffected; only users who installed this specific version via npm during the aforementioned time window were impacted. Affected users are advised to immediately uninstall version 2026.4.0, clear their npm cache, rotate sensitive credentials—including API tokens and SSH keys—investigate anomalous activity in GitHub and CI environments, and upgrade to the patched version 2026.4.1.
According to on-chain analyst Onchain Lens (@OnchainLens), the Balancer hacker’s address has reactivated after five months of dormancy, transferring 100 ETH (approximately $233,000) to a new wallet and beginning fund transfers via ThorChain. The hacker currently still holds 21,900 ETH, valued at approximately $51.13 million.
According to information on the governance forum page, Mantle plans to provide Aave with a loan of 30,000 ETH to help it address the non-performing loan risk triggered by the recent attack. According to analyst Yujin’s statistics, confirmed rescue funds now cover a shortfall of approximately 43,500 ETH.
According to Onchain Lens monitoring, the Balancer attacker, dormant for five months, has transferred 100 ETH (approximately $233,000) to a new address and begun transferring funds through Tornado Cash.The attacker currently still holds 21,900 ETH, valued at approximately $51.13 million.